On May 27th, starting 09AM until 4PM, took place the first edition of FRAUD SUMMIT by SPIA , the event dedicated to anti-fraud investigations and combating the fraud that affects the business environment in our country.
24 exceptional speakers, including anti-fraud specialists from companies, non-governmental organizations, public institutions and authorities, took the FRAUD SUMMIT stage and shared their expertise with the audience. The event was organized by SPIA, the leader of the Romanian new generation of private investigators, together with act Botezatu Estrade Partners law firm.
The current socio-economic context has accelerated the transfer of crime in the online environment and increased the number of companies at risk, generating another pandemic: that of fraud. According to the specialized studies conducted by PwC, almost 1 in 2 companies (47%) was affected by fraud in 2019 and 2020, which is the second highest level in the last 20 years.
Perhaps even worse is that, because of fear of negative publicity, more than half of the frauds are not reported to prosecutors by the companies. The lack of transparency and awareness’s direct result is precisely the phenomenon’s amplification. Here is another reason why companies need specialists to apply specific investigative procedures and techniques to combat the fraudulent phenomenon.
The fraud’s complexity is directly proportional to the size of the company or organization in which it occurs, generating significant losses from their revenues. But regardless of the size of the affected organization or the industry it belongs to, over a third of fraud committed within companies is committed by its own employees and causes losses of more than 5% of the company’s revenue, with the fraudsters being part of middle management, top management or working in operational departments.
“Unfortunately, less than half (49%) of frauds are reported to criminal prosecution bodies. Most companies choose to solve the problem internally, because they are afraid of negative publicity, but the lack of awareness of the risk of fraud inoculates the idea that, in fact, it does not exist. At the same time, very few companies have their own verification and control mechanisms or due diligence procedures. Most find out that they have a problem from inside – other employees who notify their superiors when they notice an irregularity. The impact of fraud on organizations is significant but has too little awareness. Therefore, any company must be careful and report any security issues because fraud can occur anywhere and there is no question if it occurs, but when it occurs.”, said Andrei Croitoru, Managing Associate act Botezatu Estrade Partners.
Men, fraud 3 times higher than women
According to Croitoru, regardless of the field in which it occurs, the main engine of fraud is money. Frauds committed by men cause 3 times more damage than those committed by women, while the damage caused by organized groups is 4-5 times greater than that of fraud committed by a single person, even if we can talk about a balance between the number of frauds committed by a single individual and criminal groups.
In Romania, because of the multitude of parties involved, the transactions performed and the products used, banks are a fertile ground for fraud, according to the specialists present at FRAUD SUMMIT. Thus, in the banking industry, the risk of fraud is multidirectional – banking institutions can be defrauded by customers, employees, third parties, shareholders or even those in charge of the company, through interpretable and sometimes incomplete legislation.
Cards are the most fraudulent product in banks and represent almost half of all crimes committed in the field.
Who is committing fraud and why?
Usually, fraudulent employees are among those “with seniority in the current job” – they know the vulnerabilities within the company, security breaches and, most importantly, have no criminal record on the first fraud committed or discovered.
“Employees cheat when they are in crisis: they have lost a lot of money at the casino or they are doing big debts in another way, they need a large amount of money, they have someone sick in the family. It is important to pay attention to those around us, because, beyond money, people need attention, appreciation, they need to be listened to. An organizational culture that focuses on people’s needs is very important, and human resources departments should have dedicated people who pursue these issues, even a psychologist would be helpful.“, said Ionut Neacșu, IGPR psychologist and negotiator in situations of crisis.
Private investigators and anti-fraud specialists present at FRAUD SUMMIT said that the organizations in Romania must be much more aware of the factors that favour fraud, should notify authorities when they discover or when they suspect that fraudulent activities are carried out within the company, have internal procedures to assess risks, organize training sessions with theyr employees, encourage employees to report suspicious situations (whistleblowing) and build a culture of awareness and internal control of the fraudulent phenomenon within the organization.
“Fraud always leaves traces and can be proven with the help of specialists. The suspects’ modes of operation are in a continuous development, while the anti-fraud investigators specialize daily, keeping up with the criminal phenomenon’s evolution. In fact, it is crucial that anti-fraud efforts always try to be one step ahead of fraudsters. It is important that, as soon as it is discovered, the fraud is reported and investigated, so that the damage can be recovered quickly.”, explained Nicolae Bîrlă, anti-fraud specialist at SPIA Romania.
“Most likely, by the end of the year, Romania will have a clear procedure for the use and protection of integrity advisors, a position from which employees can report suspicions of fraud within companies.“, said Teodora Stoian, Adviser of the Minister of Justice, present at the event.
Fraud can be external – 39% of frauds on companies have their source outside the organization, according to studies conducted worldwide, internal – also called occupational fraud, with a close percentage of external fraud, being produced in 37% of cases and mixed – fraud in which both external and internal fraudsters work together, in almost 20% of all frauds affecting companies.
“In the case of fraud committed by companies, in recent years, the “star” remains tax evasion. According to a statistic of the Ministry of Justice, during 2016-2019, almost half of the convictions decided for legal entities were generated by evasion, on the next place being the cases of fraud .”, explained Amalia Gogoci, Managing Associate, act Botezatu Estrade Partners.
Cyber fraud, more and more versatile!
Cyber-attacks are one of the biggest threats to companies, especially because of the pandemic that erupted last year, when many businesses were forced to move their operations online. Because many of these companies and their employees did not have the necessary training to deal with the risks of attack and security breaches, they did not know how to take serious security measures towards cyber fraud and became extremely vulnerable.
According to data presented by Alex Bălan, Chief Security Researcher at Bitdefender, in 2021, the number of malicious codes exposing companies to cyber-attacks exceeded 1.2 billion – more than 12 times more than in 2012, when, worldwide, the figure of 100 million codes.
“Cyber threats are becoming more and more evolved. If a few years ago we were talking about malware programs that were installed on your computer and stole various data, nowadays we are talking about whole organizations of very well-developed cyber attackers, which even have PR departments and offer affiliate services for other hackers.“, explained Alex Bălan.
According to Bălan, the most dangerous type of cyber threat today is “APT as a service” (Advanced Persistent Threat), a kind of cyber-attack used for political purposes, in cyber wars, for economic sabotage or for industrial espionage, which infiltrates a network in the long run to undermine sensitive data. Most of the time, these invasions remain undetected for years.
Another method of cyber threat is SCA (Supply Chain Attacks), which infects a vulnerable sector of an organization’s infrastructure to reach the entire company. The data show that in 2020, companies needed, on average, 280 days to realize that they had suffered data theft and to solve the problem.
A major problem is the fact that we consider ourselves already prepared or intangible. “The first worrying thing that the CEE Cyber Security Trends study, recently published by Microsoft, reveals is that customers’ satisfaction in Central and Eastern Europe, in terms of security, is 86%. This is very worrying, because, when you are happy with the degree of security you have, you are very relaxed, although in reality you should be constantly vigilant – especially if you are part of key areas, such as government or the financial-banking one. At the same time, more than 32% of the organizations in Romania and 23% at EEC level say that in the last year they have not registered any cyber-attack. It’s like coming back from vacation, finding the car dry in the parking lot and saying it hasn’t rained at all this time.”, said Eugen Rusen, Cloud Solution Architect Security & Compliance, Microsoft CEE.
Dan Cîmpean, General Manager of the National Cyber Security Incident Response Center CERT-RO, present in the dedicated cybersecurity panel, said that “A business has no chance alone, but needs an entire ecosystem to be protected from fraud. The digital transformation is happening at an accelerated pace and, in the last year, according to estimates, it has increased 7 times compared to normal, so that the attack surface has increased exponentially”.
According to him, “Romania will host the Cyber Centre of the European Union in Bucharest, and this comes as a recognition of the simple fact that we presented ourselves as an ecosystem: government, government agencies, universities, private environment etc. The main cyber security innovation, research and development programs of the European Union will take place here. Funding is unprecedented and recruitment will take place in Brussels. What is very interesting – and we are already noticing this – key companies in the digital and cybersecurity segments are either already positioned in Romania or are about to do so; they hire teams, open offices to be close to this centre. It will be essential for us to organize ourselves in a public-private and academic dialogue through which we will see what capabilities we each have, what research projects we have and what we can propose for projects with European funding in this field.”
Consequently, cyber-attacks are the scourge of the business environment today, and cybersecurity experts point out that no company, no matter how small or large and invincible, should rely on the concept of “no it is happening to me ”, but to install the most advanced protection and security systems, in an environment where cyber fraud is more and more frequent, and the attackers are more and more intelligent.
FRAUD SUMMIT, an opportunity to exchange know-how for specialists in different fields
Anti-fraud specialists from companies in the energy, IT or services sector present at the event said that not only raising awareness is important, but also the exchange of experiences, ideas and solutions applied in different cases by specialists. Even though they know and acknowledge that fraud is a sensitive subject, the speakers explained that they want to help even fraudsters to understand the risks they are exposed to when they choose to commit a crime and that the harsh sanctions, they are liable to go as far as imprisonment. If for individuals, the sanctions are going to prison and a criminal fine, in the case of companies that defraud the business environment, the sanctions can reach business closure.
On www.fraudsummit.ro you will soon be able to find all the content during the event, along with interesting articles that will address topics of interest to companies that want to protect themselves against fraud and you can pre-register for the second edition of the event, which will take place next year.
FRAUD SUMMIT by SPIA is an event organised by SPIA România, with the support of act Botezatu Estrade Partners as Main Partner, and that of wall-street.ro and KISS FM , Media Partners. This is how the first edition took place: